﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using IdentityModel;
using IdentityServer4;
using IdentityServer4.Models;
using WeChatIdentity.Constants;

namespace IdentityServer.Configuration
{
    public class Config
    {
        public static IEnumerable<IdentityResource> IdentityResources =>
        new List<IdentityResource>
        {
                new IdentityResources.OpenId(),
                new IdentityResources.Profile(),
        };
        // ApiResources define the apis in your system
        public static IEnumerable<ApiResource> GetApis()
        {
            //resource.Scopes = new List<Scope> { new Scope("orderingapi") };
            return new List<ApiResource>
            {
                new ApiResource("orderingapi","Order Service",new List<string>{ JwtClaimTypes.Role}),
                new ApiResource("paymentapi","Payment Service",new List<string>{ JwtClaimTypes.Role}),
                new ApiResource("locationapi","Location Service",new List<string>{ JwtClaimTypes.Role}),
                new ApiResource("catalogapi","Catalog Service",new List<string>{ JwtClaimTypes.Role})
            };
        }
        public static IEnumerable<ApiScope> ApiScopes =>
        new List<ApiScope>
            {
                new ApiScope("orderingapi","Order Service",new List<string>{ JwtClaimTypes.Role}),
                new ApiScope("paymentapi","Payment Service",new List<string>{ JwtClaimTypes.Role}),
                new ApiScope("locationapi","Location Service",new List<string>{ JwtClaimTypes.Role}),
                new ApiScope("catalogapi","Catalog Service",new List<string>{ JwtClaimTypes.Role})
            };
        public static IEnumerable<IdentityResource> GetResources()
        {
            return new List<IdentityResource>
            {
                new IdentityResources.OpenId(),
                new IdentityResources.Profile()
            };
        }
        // client want to access resources (aka scopes)
        public static IEnumerable<Client> GetClients(Dictionary<string, string> clientsUrl)
        {
            return new List<Client>
            {
                new Client
                {
                    ClientId = "wechat",
                    ClientName = "WeChat Client",
                    ClientSecrets = new List<Secret>
                    {
                        new Secret("hus78327h9ju@s367js+980".Sha256())
                    },
                    ClientUri = $"{clientsUrl["WeChat"]}",
                    RedirectUris = new List<string>
                    {
                        $"{clientsUrl["WeChat"]}/signin-oidc"
                    },
                    PostLogoutRedirectUris = new List<string>
                    {
                        $"{clientsUrl["WeChat"]}/signout-callback-oidc"
                    },
                    AllowedGrantTypes = {
                        GrantTypes.ResourceOwnerPassword.FirstOrDefault(),
                        GrantTypeConstants.ResourceWeixinOpen,
                    },
                    AllowOfflineAccess = true,//如果要获取refresh_tokens ,必须把AllowOfflineAccess设置为true
                    AlwaysIncludeUserClaimsInIdToken = true,

                    AllowedScopes = new List<string>
                    {
                        IdentityServerConstants.StandardScopes.OpenId,
                        IdentityServerConstants.StandardScopes.Profile,
                        IdentityServerConstants.StandardScopes.OfflineAccess,
                        "orderingapi",
                        "catalogapi",
                        "locationapi",
                        "paymentapi"
                    },
                    AccessTokenLifetime = 60*60*24*1, // 1天
                    IdentityTokenLifetime= 60*60*24*1 // 1天
                },
                new Client
                {
                    ClientId = "wechatweb",
                    ClientName = "Wechat Web Client",
                    ClientUri = $"{clientsUrl["WeChatWeb"]}",
                    AllowedGrantTypes = GrantTypes.Implicit,
                    AllowAccessTokensViaBrowser = true,
                    //是否需要用户点击同意，这里需要设置为 false，不然客户端静默刷新不可用
                    RequireConsent = false,
                    AccessTokenLifetime = 60 * 60,//60 * 5
                    RedirectUris =
                    {
                        $"{clientsUrl["WeChatWeb"]}" , //登录成功
                        $"{clientsUrl["WeChatWeb"]}"//定时刷新token（看不见）
                    },
                    PostLogoutRedirectUris =   //登出跳转
                    {
                         $"{clientsUrl["WeChatWeb"]}"
                    },
                    AllowedCorsOrigins =
                    {
                        "http://localhost:8080" //跨域
                    },
                    AllowedScopes =
                    {
                        IdentityServerConstants.StandardScopes.OpenId,
                        IdentityServerConstants.StandardScopes.Profile,
                        IdentityServerConstants.StandardScopes.OfflineAccess,
                        "orderingapi",
                        "catalogapi",
                        "locationapi",
                        "paymentapi"
                    }
                },
                new Client
                {
                    ClientId = "systemweb",
                    ClientName = "System Web Client",
                    //ClientUri = $"{clientsUrl["SystemWeb"]}",
                    AllowedGrantTypes = GrantTypes.Implicit,//GrantTypes.Implicit,
                    RequireClientSecret = false,
                    //RequirePkce = true,
                    AllowAccessTokensViaBrowser = true,
                    //禁用consent(授权)页面确认
                    RequireConsent = false,
                    //token过期时间（15分钟）
                    AccessTokenLifetime = 60 * 15,
                    RedirectUris =
                    {
                        $"{clientsUrl["SystemWeb"]}/oidc-callback", //登录跳转
                        $"{clientsUrl["SystemWeb"]}/oidc-silent-renew"//定时刷新token（看不见）
                    },
                    PostLogoutRedirectUris =   //登出跳转
                    {
                         $"{clientsUrl["SystemWeb"]}/login"
                    },
                    AllowedCorsOrigins =
                    {
                         $"{clientsUrl["SystemWeb"]}" //跨域
                    },
                    AllowedScopes =
                    {
                        IdentityServerConstants.StandardScopes.OpenId,
                        IdentityServerConstants.StandardScopes.Profile,
                        IdentityServerConstants.StandardScopes.OfflineAccess,
                        "orderingapi",
                        "catalogapi",
                        "locationapi",
                        "paymentapi"
                    }
                },
            };
        }
    }
}
